modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096
https://bugzilla.redhat.com/show_bug.cgi?id=1726565
https://calamares.io/calamares-3.2.11-is-out/
https://calamares.io/calamares-cve-2019/
https://github.com/calamares/calamares/issues/1190
https://github.com/calamares/calamares/issues/1191
https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/
Source: MITRE
Published: 2019-07-02
Updated: 2019-08-13
Type: CWE-362
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.2
Severity: HIGH